"It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand," reporter Chris Welch wrote. "Out of security concerns, we will not be linking to the website in question."

A few hours later, the news site published a separate post quoting Apple officials as saying they were "aware of the issue, and working on a fix."

Those who had already enrolled in the two-factor authentication protection Apple unveiled on Thursday were reportedly safe from the exploit. Those who hadn't signed up were presumably vulnerable if an attacker knew their birthdate. Given the common practice of disclosing birthdays on Facebook and other social media, the information needed to exploit the flaw was widely available for many iCloud and iTunes users. Complicating matters, according to The Verge, two-factor authentication still isn't available to people outside of the US, UK, Australia, Ireland, and New Zealand.

Apple should be commended for acting so quickly to suspend password resets after the flaw became public. As Wired reporter Mat Honan learned firsthand, losing control of an iCloud account can precipitate a cascading series of compromises that can wipe out years of photos, e-mails, and other digital assets.

Typical Apple tbh. They've never really been very secure, but always had the reputation because there are so many Windows exploits reported. Apple looked good in comparison to the average retard consumer, but actually there were just many more Windows machines and more people attacking them.

Those who had already enrolled in the two-factor authentication protection Apple unveiled on Thursday were reportedly safe from the exploit.

Not true. There is a 3 day grace period you have to wait until you can finish setting it up and start using it.

The whole idea of two-factor is to encourage people to turn it on and use it, right? I turn it on, and now I have to wait three days, for the sake of an incredibly elaborate "ARE YOU SURE?"

And then Apple washes their hands of the ability to reset my password. What could possibly go wrong?

Edit: I am thinking more about the casual or non-technical user, than I am of myself. I know people who change their password, write it on a post-it, and then both forget the password and lose the post-it the very next day.

Not true. There is a 3 day grace period you have to wait until you can finish setting it up and start using it.

That's not true. I set it up yesterday and am using it now. You have to wait three days if you recently made changes to your Apple ID, including changing your password because Apple deemed it too weak when you logged in to set two-factor authentication up.

I am starting to wonder whether Apple aren't hiring too many designers and not enough qualified programmers, especially in beta and alpha testing. I know we have become the beta tester recently but in security this is a dangerous methodology.

Typical Apple tbh. They've never really been very secure, but always had the reputation because there are so many Windows exploits reported. Apple looked good in comparison to the average retard consumer, but actually there were just many more Windows machines and more people attacking them.

You know this was a website exploit, not an OS security issue? There's some irony in tossing around the r word when you yourself are not letting important distinctions get in the way of a chance to speak your brains.

No, they should be blamed for letting it happen in the first place. The original article by the Verge was up for a few hours before they even brought the site down, and even when it was down you could still use the URL method to bypass their "site down" page and take control of others' accounts (as reported by iMore). I would imagine that the exploit was there for more than a full day; during that time period countless accounts have, in all likelihood, been captured.

When there are ordinary viruses or security threats to consumers, you can at least do something to prevent them from infecting your computer. Here, a multi-billion company that has been promoting the greatness of cloud storage of ALL your information, leaves a back door open for virtually everyone, and we should be rejoicing that it was not open for a month but just for a day. It must make all those affected people happy little badgers.

Apple has now brought the site back online after fixing the problem. iMore first reported that the exploit, which involved manipulating a URL, was no longer active. We have been able to confirm this in our own testing.

Not true. There is a 3 day grace period you have to wait until you can finish setting it up and start using it.

That's not true. I set it up yesterday and am using it now. You have to wait three days if you recently made changes to your Apple ID, including changing your password because Apple deemed it too weak when you logged in to set two-factor authentication up.

Thanks, that makes sense. When attempting to log in I had no idea what my security question answers were so reset my password, then went directly to activating two-step verification.

Typical Apple tbh. They've never really been very secure, but always had the reputation because there are so many Windows exploits reported. Apple looked good in comparison to the average retard consumer, but actually there were just many more Windows machines and more people attacking them.

You know this was a website exploit, not an OS security issue? There's some irony in tossing around the r word when you yourself are not letting important distinctions get in the way of a chance to speak your brains.

So what? Apple's priority has never been security, OS or website. It's only an important distinction if you go doe-eyed at the sight of a large icon.

Last year I bought a new laptop for my daughter and son-in-law. When setting up iTunes on her new PC, I learned that she had forgotten her password and no longer had the old email account she used to sign up. Using only her userid, her DOB, and a little persistence, we were able to get the email address associated with her iTunes account reset to my wife's email. After that, it was simple to get a password reset sent to that email address. After that, my daughter was able to log in, reset the email address to her new one and set a new password herself. Although I don't remember all the stuff we tried, there was no special URL involved.

Last year I bought a new laptop for my daughter and son-in-law. When setting up iTunes on her new PC, I learned that she had forgotten her password and no longer had the old email account she used to sign up. Using only her userid, her DOB, and a little persistence, we were able to get the email address associated with her iTunes account reset to my wife's email. After that, it was simple to get a password reset sent to that email address. After that, my daughter was able to log in, reset the email address to her new one and set a new password herself. Although I don't remember all the stuff we tried, there was no special URL involved.

To me that seems highly insecure. I'm glad that your daughter was able to recover her account, but personally I'd rather lose the account and have to start a new one - than know that someone could hijack my account with just my user id, DOB, and a little persistence, as you described.

Typical Apple tbh. They've never really been very secure, but always had the reputation because there are so many Windows exploits reported. Apple looked good in comparison to the average retard consumer, but actually there were just many more Windows machines and more people attacking them.

You know this was a website exploit, not an OS security issue? There's some irony in tossing around the r word when you yourself are not letting important distinctions get in the way of a chance to speak your brains.

And your point is…?? Both are fully Apple's responsibility, a weakness in either can open one's personal info to hackers, and the distinction you say is important would not be to the potential millions of victims.